View previous topic :: View next topic |
Author |
Message |
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Mon Jul 16, 2007 2:21 am Post subject: Security Warnings |
|
|
I am browsing locally using Firefox 2.0.0.4 on Windows XP where my Abyss 2.5 Beta 1 resides. I'm not really savvy with HTTPS and SSL but, to my understanding, packet transmissions over HTTPS should well be encrypted, as per definition.
Why is it then that my Firefox reports a Security Warning like this? Why is it that I only get partial encryption? Shouldn't all packet transmissions be encrypted in HTTPS?
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
Back to top |
|
|
aprelium-beta -
Joined: 24 Jun 2004 Posts: 383
|
Posted: Mon Jul 16, 2007 9:38 pm Post subject: Re: Security Warnings |
|
|
loloyd,
That's not a server issue. It's related to your HTML page code.
It seems that you are viewing a HTML page over HTTPS while this page references some HTTP images (or other embedded objects). This makes most browsers complain and report a warning.
So try removing the hard coded http:// links from your page. Does that help? _________________ Beta Testing Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Tue Jul 17, 2007 5:14 am Post subject: |
|
|
Yes, that helps! You're right. Thank you very much.
I also did some crude tests. I src'd images from external http only sites and the security set did not complain. I think what's causing the security alerts to pop up are my src'd (embedded) videos. It is now my belief (yeah not very scientific admittedly) that only tags with SRC= attribute are affected by this.
Any additional insights are very much welcome. _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
Back to top |
|
|
aprelium-beta -
Joined: 24 Jun 2004 Posts: 383
|
|
Back to top |
|
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Wed Jul 18, 2007 3:15 am Post subject: |
|
|
It's not really the checkbox I'm concerned about or the pop up alert. It's the sense of not having all parts of the content encrypted. It makes our HTTPS website users feel less secure when transacting with the site, especially when there's a heavy consideration on security. Leaving an HTTPS website "partially secured" would be ugly in my opinion, and it somehow defeats the purpose of installing an HTTPS server on it. _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
Back to top |
|
|
aprelium-beta -
Joined: 24 Jun 2004 Posts: 383
|
Posted: Wed Jul 18, 2007 11:01 pm Post subject: |
|
|
loloyd,
Sorry, but we don't see the problem here. It's up to the web site designer to make pages serve everything from a HTTPS request to avoid that situation. The server can do nothing if you have hard coded a http:// inside your page.
So for example, instead of using:
Code: | <IMG SRC="http;//mysite/test.jpg"> |
write:
Code: | <IMG SRC="/test.jpg"> |
The second chunk will never raise any warning and will work regardless of your domain name and the protocol you're going to choose when deploying the site. _________________ Beta Testing Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Thu Jul 19, 2007 12:46 am Post subject: |
|
|
loloyd wrote: | Yes, that helps! You're right. Thank you very much. |
As I said before, you are right. That is the kind of crude test I have just implemented as described in my earlier post. I was able to "fully secure" my web pages when I removed all external SRC="HTTP://..." references. What I was merely pointing out was my opinion regarding partially encrypted content. Us website makers should indeed avoid partially encrypted content when using HTTPS. And, advising our website users to switch off the pop up alert on this with their browsers if we are hosting partially encrypted content would be a less desirable option.
So there was actually no problem with the Abyss Beta 1 server. The problem lies within the webmaster's pages. :D _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
Back to top |
|
|
aprelium-beta -
Joined: 24 Jun 2004 Posts: 383
|
Posted: Fri Jul 20, 2007 12:05 am Post subject: |
|
|
loloyd wrote: | So there was actually no problem with the Abyss Beta 1 server. The problem lies within the webmaster's pages. :D |
:-) _________________ Beta Testing Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
Mahindra -
Joined: 23 Aug 2011 Posts: 3 Location: Grimsby england
|
Posted: Thu Oct 13, 2011 12:35 am Post subject: Security Warnings |
|
|
dgroos:
If you want to avoid the security warnings, then you will need to create buy a SSL Certificate from a certified authority.
A self-signed Certificate as the one you probably have is not "trusted", so the users are prompted to add your site the CmapServers site in the list of trusted places. If they add the certificate, then they wont be prompted anymore. _________________ No hay todavia. |
|
Back to top |
|
|
|